On 03/05/2014 10:44 AM, Kenneth Lerman wrote: > On 3/3/2014 12:41 PM, John Kasunich wrote: >> >> I agree 110% with John. "sudo make setuid" shouldn't be considered >> an obstacle. > sudo make setcap... is probably more appropriate. These days, we can set > individual capabilities rather than handing out root privileges.
I looked into using setcap recently. That would be ideal, and would work fine today for RIP builds and manual 'make install' runs. The stumper is packaging: AFAIK Debian's 'fakeroot' doesn't wrap setcap, and 'tar' doesn't know how to capture file capabilities. Same goes for RedHat packaging. In the meantime, more fine-grained permissions might be had with appropriate /etc/security/limits.d entries (possibly enough to solve Seb's buildbot POSIX unit test failures without a setuid binary). John ------------------------------------------------------------------------------ Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce. With Perforce, you get hassle-free workflows. Merge that actually works. Faster operations. Version large binaries. Built-in WAN optimization and the freedom to use Git, Perforce or both. Make the move to Perforce. http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk _______________________________________________ Emc-developers mailing list Emc-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-developers